Privacy Risk Report

Tressler’s Privacy Practice Group brings you recent developments and insights on cyber liability, privacy and data storage.

Latest from Privacy Risk Report

Data collectors constantly struggle to balance the need for honest self-critiques of their data protection safeguards with the desire to not generate information that may be used in litigation. Indeed, it is encouraging to see a number of data collectors hiring third-party experts to look at safety measures and issue reports on their findings before there is an incident. Of course, these reports are only useful if they include an honest assessment of a data collector’s incident response preparation, digital forensics and incident remediation.  Understandably, there is trepidation that the findings in the reports may be used to establish liability…
The latest decision related to Illinois’ Biometric Information Protection Act (“BIPA”) was issued by the Illinois Court of Appeals on June 16, 2020, in a matter entitled Cothron v. White Castle System, Inc, 2020 WL 3250706 (June 16, 2020). Latrina Cothron (“Cothron”) began working at White Castle in 2004 and was still a manager at the time she filed suit. As a side note, the Cothron matter differs from many BIPA suits to the extent the plaintiff remains an employee before and after filing suit. Many BIPA cases involve claims by former employees that were terminated prior to bringing suit.…
Over the last few months, cyber security issues may have taken a backseat to health and economic issues. Thankfully, there has not been a major cyber incident during the coronavirus pandemic. To pick up where we were before the pandemic, we were closely analyzing the number of court decisions where it was found that a litigant could not establish standing to bring a lawsuit for a data breach. However, it is only a matter of time until we are again analyzing privacy cases. The recent decision in Jantzer v. Elizabethtown Community Hosp., 2020 WL 2404764 (N.D. New York May 12, 2020), provides the perfect opportunity…
On May 5, 2020, the United States Court of Appeals for the Seventh Circuit issued a decision that will have an immediate impact on litigation concerning Illinois’ Biometric Information Protection Act (“BIPA”). The decision in Bryant v. Compass Group USA, Inc., 2020 WL 2121463 (7th Cir. 2020), puts to rest the question of whether a litigant can establish Article III standing in a federal court for BIPA claims. Prior to the Bryant decision, a number of federal district courts found BIPA plaintiffs did not have standing to bring an action in federal court because they could not allege an “imminent,
Illinois schools must comply with the Student Online Personal Protection Act by July 1, 2021. While many schools may not have been aware of this deadline or have been pushing compliance down the road, the coronavirus pandemic has put SOPPA compliance in a new light. Illinois schools are quickly realizing that their contractual relationships with educational technology companies and the use of student data are issues that must be addressed immediately. Therefore, this coming summer provides schools a unique opportunity to both get in compliance with SOPPA early and prepare for an uncertain fall semester. The Second Half Of…
One bright spot in recent events has been to see our kids stay focused as students and to see teachers continue their great work while bunkered down from their homes. Nevertheless, it may be worthwhile to pause to think about the technology that makes this all possible. One lawsuit recently filed in California sheds light on the privacy issues created when students, schools and teachers become increasingly reliant on “e-learning” and the technology that supports it. On April 2, 2020, a class-action lawsuit was filed in the District Court for the Northern District of California entitled H.K. and J.C., through
Understandably, there has been a lot of information concerning the novel coronavirus and its impact on insurance, business and, of course, people.  However, there has not been much discussion on what happens if there is a cyber event over the next couple of weeks as the world deals with the COVID-19 pandemic.  A cyber security breach during the novel coronavirus pandemic could sever the one thread connecting remote employees to their place of work. While it is still early, there should be little dispute that the current pandemic will have a profound impact on the workplace, which, in turn, will have…
Despite the sophistication in fraudulent schemes, insurers are keeping up with hackers and recognizing the varied approach to the scamming word…and courts are also taking notice. In Mississippi Silicon Holdings, LLC v. AXIS Ins. Co., the United States District Court for the Northern District of Mississippi found no coverage for an insured who was duped into transferring $1,025,881.13 to a Bulgarian-American Credit Bank believing it was the account of one of its suppliers. 2020 WL 869974 (N.D. Miss. Feb. 21, 2020). The case involved Mississippi Silicon Holdings, LLC (“MSH”), a manufacturing company that makes silicon metal in Burnsville, Mississippi. Around October…
Join us for this exciting new webinar… The Final Countdown: Strategies for Illinois Schools to Get SOPPA Compliant Before the Deadline Presented by Datamation and Tressler LLP Thursday, March 12, 2020 10:00 AM – 11:00 AM CT Click Here to Register! Webinar Description While data breaches are starting to become an accepted part of life, the public is not willing to accept breaches involving minors’ personal information. In particular, recent breaches at educational publisher Pearson and other vendors have put a priority on keeping student personal information secure. Illinois has taken the lead in privacy law by adopting the Student…
While there has been a huge increase in class action cases based on alleged violations of the Illinois Biometric Information Act (“BIPA”), it has not gone unnoticed that the vast majority of the recent cases are limited to allegations brought by employees against their employers rather than by customers. That is, the case law is developing into two distinct branches: BIPA customer cases and BIPA employment cases. The rapid development of BIPA employment cases is surprising to the extent the Illinois Supreme Court’s decision in Rosenbach v. Six Flags, 2019 IL 123186 (Jan 25, 2019) involved a customer of the Six…
Now that the January 1, 2020 compliance deadline for the California Consumer Privacy Act (“CCPA”) has passed and the dust has settled, it may be worth taking a look at how a few other changes in California may impact privacy law. More specifically, in the chaos caused by CCPA compliance, several privacy experts have overlooked California’s steps to regulate the Internet of Things (“IoT”). THE INTERNET OF THINGS GETS MORE DANGEROUS While we were all focused on the impeding CCPA deadline, we can be forgiven for missing a recent incident where a Ring security camera was hacked to harass a child…
The Illinois Biometric Information Protection Act (“BIPA”) has had a significant impact on how employers use timekeeping systems to track employees’ hours at work. Timekeeping systems that allow employees to “clock in” and “clock out” using their thumbprints and fingerprints have become more commonplace. Unfortunately, the courts have not kept up with the technology and employers have found little guidance on how to use this new equipment within the confines of BIPA. As a result of this uncertainty in the law, there is a backlog of cases in Illinois courts involving employers’ use of biometric data. One recent case addresses…
It was a quaint, innocent time before social engineering scams, ransomware or any of the other threats had evolved to hassle both large and small data collectors. In 2014 and 2015, large-scale data breaches at Home Depot, Best Buy and Target roamed the Earth. While all that has changed drastically in the last five years, we still have a few fossils providing insight on a time when huge data breaches caused huge damages to companies with huge insurance policy limits. Five years, ago, on September 19, 2014, we posted about Target Corporation’s motion to dismiss a lawsuit filed by a number
Despite having the potential to impact many data collectors, Illinois’ Biometric Information Protection Act (“BIPA”) has received surprisingly little analysis from state or federal courts. A decision issued on October 17, 2019, by the United States District Court for the Northern District of Illinois may limit the number of BIPA cases reaching the federal courts and, in turn, further, limit the development of law addressing BIPA claims. In Colon v. Dynacast, LLC, 19-cv-4561 (N.D. Ill. Oct. 17, 2019), the Plaintiff, Colon, filed a motion to remand the matter from the Federal Court back to the Circuit Court of Cook County,…
Recently, the Chicago Tribune reported on a data breach involving student data stored by Pearson Clinical Assessment that may have involved a number of students at Illinois schools. On September 5, 2019, the parent of a student at Indian Prairie School District 204 in Naperville, Illinois filed a class-action lawsuit against Pearson Clinical Assessment – the education publisher that suffered a massive data breach in November 2018 exposing the personal information of thousands of teachers and students across the country. As schools increasingly use online services and other technologies to help students learn, the ability to provide adequate protection of…